Make the session cookie secure if the IdP is accepting authn requests over a secure...
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Sun, 15 Jun 2008 08:21:08 +0000 (08:21 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Sun, 15 Jun 2008 08:21:08 +0000 (08:21 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/branches/REL_2@2738 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/main/java/edu/internet2/middleware/shibboleth/idp/authn/AuthenticationEngine.java

index ddb8d71..2be4144 100644 (file)
@@ -507,7 +507,7 @@ public class AuthenticationEngine extends HttpServlet {
             sessionCookie.setPath(contextPath);
         }
         
-        sessionCookie.setSecure(false);
+        sessionCookie.setSecure(httpRequest.isSecure());
         sessionCookie.setMaxAge(-1);
 
         httpResponse.addCookie(sessionCookie);